Questions to consider – Buying an ADC

These are some of the questions that you would want to analyze and answer before thinking about buying an ADC:

What is the load requirement?

This is defined in terms of the maximum number of concurrent or simultaneous connections/requests that an ADC can handle.

Another factor to consider is the rate of connections/requests. If your application requires short bursts of traffic, the ADC should be able to handle it.

What kind of protocol do you intend to load balance?

Most customers tend to load balance HTTP traffic. If you intend to load balance specific applications like Citrix/Xen-related apps, it will be better to buy a Citrix ADC like NetScaler.

Does your application require “persistence” and if so, what kind of “persistence” do you require?

Persistence is the ability of the load balancer to send a client connection request to the same server that handled the previous request, based on information presented by the client connection. This information can be the source IP address, a cookie, or any other information available in the incoming packet, such as a JSession ID.

Persistence information is generally required for applications like a checkout cart. For example, after a client adds merchandise to the checkout cart, subsequent HTTP requests/TCP connections should be sent to the server with the checkout cart information in order to complete the transaction. If the connection/request is sent to a different server, the checkout cart may not have the relevant information.
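The checkout-cart case above as an added example, not code from the original page or from any ADC vendor. It models a round-robin balancer with an optional persistence table keyed on the session cookie, falling back to source IP. The class and function names, the per-server in-memory cart, and the sample session are all constructed assumptions.

```python
import itertools

class PersistentBalancer:
    """Toy balancer (hypothetical): round-robin plus an optional persistence table."""
    def __init__(self, servers, persist=True):
        self.servers = list(servers)
        self.persist = persist
        self.table = {}                        # persistence key -> server
        self._rr = itertools.cycle(self.servers)

    def _key(self, req):
        # Prefer the session cookie; fall back to the client's source IP.
        sid = req.get("cookies", {}).get("JSESSIONID")
        return ("cookie", sid) if sid else ("src_ip", req["src_ip"])

    def remove_server(self, server):
        # Taking a server out of the pool must also drop its persistence entries.
        self.servers.remove(server)
        self._rr = itertools.cycle(self.servers)
        self.table = {k: s for k, s in self.table.items() if s != server}

    def route(self, req):
        key = self._key(req)
        if self.persist and key in self.table:
            return self.table[key]             # same server as the previous request
        server = next(self._rr)
        if self.persist:
            self.table[key] = server
        return server

def checkout(balancer, requests):
    """Replay a session; each server keeps its own cart (assumed: no shared store)."""
    carts = {}
    for req in requests:
        server = balancer.route(req)
        cart = carts.setdefault(server, [])
        if req["action"] == "add":
            cart.append(req["item"])
        else:                                  # "checkout"
            return server, list(cart)

# Constructed sample session: the client's IP changes, the cookie does not.
SERVERS = ["web1", "web2"]
COOKIE = {"JSESSIONID": "abc123"}
SESSION = [
    {"src_ip": "198.51.100.7", "cookies": COOKIE, "action": "add", "item": "book"},
    {"src_ip": "198.51.100.7", "cookies": COOKIE, "action": "add", "item": "pen"},
    {"src_ip": "203.0.113.9", "cookies": COOKIE, "action": "checkout"},
]
```

Replaying `SESSION` with `persist=False` checks out on a server that only saw the first item, while `persist=True` keeps the whole session on one server even though the source IP changed.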

Do you require Layer 7 load balancing, like redirects or load balancing based on HTTP header/content?

One of the differentiating factors between the newer generation ADC and the older Load Balancer is their ability to handle L7 functions. Load Balancers don’t provide as much L7 functionality as the ADC.

Certain functions like redirects can be implemented on the ADC instead of the servers. This will reduce the round trip time and the latency involved in serving the application and at the same time make it easier from an administrative perspective as the redirect configuration is implemented at one point instead of multiple servers.

Are you planning to terminate the SSL certificate/key on the ADC and send the unencrypted traffic to the servers?

Implementing SSL termination on the load balancer will reduce the load on the servers, as SSL processing can be resource intensive. From a management perspective, it is easier to replace the certificate/key on a single device (ADC) than on a multitude of servers. With a flood of SSL vulnerabilities, any changes required to the SSL ciphers or versions can be done at one location.

If load balancing requires L7 functionality, the SSL cert/key has to be terminated on the ADC as the SSL encrypted traffic has to be decrypted at the ADC before any L7 functionality can be implemented by the ADC.

Does your business require specific SSL ciphers/versions for regulatory or security reasons?

SSL processing is done in hardware or software. For any ADC, some ciphers are handled at the hardware level and some ciphers are handled at the software level. Hardware SSL processing generally tends to be more efficient than software SSL processing.

SSL Keys – Newer ADCs are optimized for 2K keys and the older ones can only handle 1K keys efficiently. Newer F5 platforms are better optimized for SSL 2K keys than the older F5 LTM 1600 & 3600.

Do you require High Availability?

An ADC can be a single point of failure. Using ADCs in a high availability setting provides redundancy.

Do you require any specific performance features?

These performance features can include caching, compression, or newer protocols like SPDY.

Do you require any other functionality?

There are functions like application acceleration, application firewall, and IPv6 Gateway that can be implemented on the ADC in addition to the normal load balancing.

Major ADC Vendors:

Top 3 based on Gartner 2013:

BigIP F5

Citrix NetScaler

Radware

Others:

Riverbed, A10, Brocade, Barracuda etc.

ADC Functions:

Scalability:

This provides the ability to add/remove servers with minimal disruption to ongoing traffic processing.

High Availability:

Do you require 2 (or more) Load Balancers set up such that one of the “standby” load balancers takes over the active load balancer's function if one of them fails?

Performance:

This is not just about values like connections/s or throughput. You would have to consider the feature set that is available to you to maximize the application delivery. These features can be caching, compression, and newer protocol support like SPDY.

Security:

The newer load balancers provide greater protection against certain Denial of Service (DoS) attacks, as well as security features like a single authentication portal and a web application firewall (WAF).
